import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;

/**
 * Test suite for jcifs.smb1.https.Handler class.
 * Tests HTTPS URL stream handler functionality with NTLM authentication support.
 */
@DisplayName("SMB1 HTTPS Handler Tests")
class HandlerTest {

    private Handler handler;

    @BeforeEach
    void setUp() {
        handler = new Handler();
    }

    @Nested

    /**
     * This constructor used to instance a SigningDigest object for
     * signing/verifying SMB using kerberos session key.
     * The MAC Key = concat(Session Key, Digest of Challenge);
     * Because of Kerberos Authentication don't have challenge,
     * The MAC Key = Session Key
     *
     * @param macSigningKey
     *            The MAC key used to sign or verify SMB.
     */
    public SMB1SigningDigest(final byte[] macSigningKey) {

If you integrate your API with an OAuth2 provider, you will be able to authenticate and come back to the API docs with the acquired credentials. And interact with it using the real OAuth2 authentication.

Swagger UI will handle it behind the scenes for you, but it needs this "redirect" helper.

///

### Create a *path operation* to test it { #create-a-path-operation-to-test-it }

**NOTE**: When configuring multiple OpenID based authentication providers on a MinIO cluster, any number of Role Policy based providers may be configured, and at most one JWT Claim based provider may be configured.

<details><summary>Example 1: Two role policy providers</summary>

import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.BERTags;

import jcifs.pac.ASN1Util;
import jcifs.pac.PACDecodingException;

/**
 * Represents a Kerberos authentication token.
 */
public class KerberosToken {

    private KerberosApRequest apRequest;

    /**
     * Constructs a KerberosToken from token bytes.
     *
     * @param token the token bytes

            throw new NdrException("Data representation not supported");
        }
        this.length = buf.dec_ndr_short();
        if (buf.dec_ndr_short() != 0) {
            throw new NdrException("DCERPC authentication not supported");
        }
        this.call_id = buf.dec_ndr_long();
    }

    @Override
    public void encode(final NdrBuffer buf) throws NdrException {
        final int start = buf.getIndex();

        assertFalse(exception.isAuthenticationError());
        assertFalse(exception.isFileSystemError());
        assertFalse(exception.isTransientError());

        // Authentication error
        exception = new SmbOperationException(SmbOperationException.ErrorCode.INVALID_CREDENTIALS, "Bad password");
        assertFalse(exception.isNetworkError());
        assertTrue(exception.isAuthenticationError());

sasl_username    (string)    username for SASL/PLAIN or SASL/SCRAM authentication
sasl_password    (string)    password for SASL/PLAIN or SASL/SCRAM authentication
sasl_mechanism   (string)    sasl authentication mechanism, default 'PLAIN'
tls_client_auth  (string)    clientAuth determines the Kafka server's policy for TLS client auth
sasl             (on|off)    set to 'on' to enable SASL authentication
tls              (on|off)    set to 'on' to enable TLS

import kotlin.text.Charsets.ISO_8859_1
import okhttp3.internal.unmodifiable

/**
 * An [RFC 7235][rfc_7235] challenge.
 *
 * [rfc_7235]: https://tools.ietf.org/html/rfc7235
 */
class Challenge(
  /** Returns the authentication scheme, like `Basic`. */
  @get:JvmName("scheme") val scheme: String,
  authParams: Map<String?, String>,
) {
  /**
   * Returns the auth params, including [realm] and [charset] if present, but as

 * Provides core functionality for encoding/decoding SMB messages, handling message signing,
 * and managing message metadata such as IDs, commands, and authentication information.
 *
 * @author mbechler
 */
public interface CommonServerMessageBlock extends Message {

    /**
     * Decode message data from the given byte array
     *